New cybersecurity guidelines for smart cars were issued by the UK government. The British government has issued a new set of guidelines on Sunday for automakers to incorporate cybersecurity as a priority into their designs of internet-connected vehicles. All internet connected vehicles to drive on the streets need to be better protected against hackers. The Department of Transport and Centre for the Protection of National Infrastructure (CPNI) development eight principles for automakers to follow when making connected cars. UK Transport Minister Lord Callanan said that the number of autonomous and connected vehicles increase on the streets of Britain, guidlines should be put in place to protect consumers. Callanan stated:
“Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected.
Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.”
The eight principles are:
- Principle 1: Organizational security is owned, governed and promoted at board level
- Principle 2: Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Principle 3: Organizations need product aftercare and incident response to ensure systems are secure over their lifetime
- Principle 4: All organizations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
- Principle 5: Systems are designed using a defense-in-depth approach
- Principle 6: The security of all software is managed throughout its lifetime
- Principle 7: The storage and transmission of data is secure and can be controlled
- Principle 8 – The system is designed to be resilient to attacks and respond appropriately when its defenses or sensors fail
The guidelines will force engineers to design vehicles around cyber security threats. All well as, incorporate systems that have the ability to withstand receiving corrupt, invalid, or malicious data. It will also give its users the power to delete personal data from the car’s systems. McAfee chief scientist, Raj Samani said “Driverless vehicles must be secure by design, and the government’s new guidelines will undoubtedly play a key role in ensuring that UK car manufacturers make that happen.”
Mark Noctor, VP EMEA at Arxan Technologies has stated: “A major cyber-attack on connected vehicles would take a terrible toll on human life, so the security guidelines published by the UK Government on Sunday are an important step in securing this emerging technology.” With the issue of the new guidelines the UK government will continue to work alongside the auto industry to ensure vehicles are protected.